trojan-gen, kontrola HJKT,combo,malware logs

vcela
Newbie
Posts: 11
Registered: Wed Sep 24, 2008 16:39

Post by vcela »

After a demanding study of the problem with the infected PC, I am sending you the logs to speed things up. First I read through what you require from users, and since nothing helped, I decided to register and send you my logs. Thanks in advance.
If it is possible, I would also send the logs of one more PC, or should I open a new topic?

HJKT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:33, on 24. 9. 2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\Program Files\Mobility Manager\Mobility Manager\FMMService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\Mobility Manager\Mobility Manager\FMM.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\WDBtnMgr.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\rundll32.exe
E:\Documents and Settings\Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AutoLaunch] E:\Program Files\Mobility Manager\Mobility Manager\FMM.exe
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Gemini NCM Status] E:\Program Files\BSC Praha\NCM\GNCMTray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPStart] E:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] E:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] E:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [000bfc90] rundll32.exe "E:\WINDOWS\system32\vxhbknjo.dll",b
O4 - HKLM\..\Run: [BM1327b0d9] Rundll32.exe "E:\WINDOWS\system32\sghntrkp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportova do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sap.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/set ... 118_24.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - E:\Program Files\Seagull\BarTender\7.75\CmdrSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mobility Manager Service (FMMService) - Flarion Technologies, Inc. - E:\Program Files\Mobility Manager\Mobility Manager\FMMService.exe
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - E:\Program Files\BSC Praha\NCM\GNCM.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9717 bytes
............................................................................................................................................................................

combofix:
ComboFix 08-09-22.06 - Admin 2008-09-24 15:55:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.425 [GMT 2:00]
Running from: E:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Admin\Application Data\inst.exe
E:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt
E:\Documents and Settings\Admin\Cookies\admin@www.tipos[2].txt
E:\WINDOWS\BM1327b0d9.txt
E:\WINDOWS\BM1327b0d9.xml
E:\WINDOWS\pskt.ini
E:\WINDOWS\system32\ljJDTMfC.dll
E:\WINDOWS\system32\ojnkbhxv.ini
E:\WINDOWS\system32\QsuvvGgh.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 15:27 . 2008-09-24 15:27 2,301,608 --a------ E:\AutoRuns.arn
2008-09-24 15:25 . 2008-09-24 15:25 140,576 --a------ E:\SysInspector-NX-90201-080924-1523.zip
2008-09-23 17:44 . 2008-09-23 17:44 <DIR> d-------- E:\Program Files\Alwil Software
2008-09-23 17:01 . 2008-09-23 17:01 91,136 --a------ E:\WINDOWS\system32\vxhbknjo.dll
2008-09-23 16:58 . 2008-09-23 16:58 95,232 --a------ E:\WINDOWS\system32\sghntrkp.dll
2008-09-23 16:56 . 2008-09-23 16:56 95,232 --a------ E:\WINDOWS\system32\bjuyaagn.dll
2008-09-23 16:47 . 2008-09-24 07:08 <DIR> d-------- E:\Documents and Settings\Admin\Application Data\LuckyTender
2008-09-23 16:27 . 2008-09-23 16:27 <DIR> d-------- E:\THE_GOLDEN_COMPASS_D1
2008-09-23 16:25 . 2008-09-24 15:55 378,863 --ahs---- E:\WINDOWS\system32\QsuvvGgh.ini2
2008-09-23 16:25 . 2008-09-23 16:25 317,440 --a------ E:\WINDOWS\system32\hgGvvusQ.dll
2008-09-23 16:19 . 2008-09-23 16:19 <DIR> d-------- E:\Program Files\LuckyTender
2008-09-23 16:04 . 2008-09-23 16:23 <DIR> d-------- E:\Documents and Settings\Admin\Application Data\Vso
2008-09-23 16:04 . 2008-09-23 16:04 47,360 --a------ E:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-23 16:04 . 2008-09-23 16:23 47,360 --a------ E:\Documents and Settings\Admin\Application Data\pcouffin.sys
2008-09-04 10:04 . 2008-09-04 10:19 12,288 --ahs---- E:\Thumbs.db
2008-09-04 09:54 . 2008-09-04 09:54 182,971 --a------ E:\EasyPosAktiv.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 14:34 --------- d-----w E:\Documents and Settings\Admin\Application Data\Skype
2008-09-22 10:27 --------- d-----w E:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-27 11:33 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-26 10:03 --------- d-----w E:\Program Files\Java
2008-08-11 04:45 --------- d-----w E:\Program Files\Winamp
2008-08-08 11:56 --------- d-----w E:\Program Files\Microsoft ActiveSync
2008-07-25 06:08 --------- d--h--w E:\Program Files\Zero G Registry
2008-07-25 06:08 --------- d-----w E:\Program Files\Hewlett-Packard
2008-07-25 06:06 --------- d-----w E:\Program Files\HP
2008-05-14 06:44 32,768 -csha-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
2008-05-30 00:42 188416 --a------ E:\Program Files\LuckyTender\1.3.0\LuckyTender.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{658020C7-F3AB-492D-B72C-FC9F307E2B91}]
2008-09-23 16:25 317440 --a------ E:\WINDOWS\system32\hgGvvusQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 23233576]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"AutoLaunch"="E:\Program Files\Mobility Manager\Mobility Manager\FMM.exe" [2006-11-20 159744]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2003-10-30 118784]
"Gemini NCM Status"="E:\Program Files\BSC Praha\NCM\GNCMTray.exe" [2006-09-13 34816]
"eabconfg.cpl"="E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="E:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SynTPStart"="E:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="E:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"StatusClient 2.6"="E:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="E:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"000bfc90"="E:\WINDOWS\system32\vxhbknjo.dll" [2008-09-23 91136]
"BM1327b0d9"="E:\WINDOWS\system32\sghntrkp.dll" [2008-09-23 95232]
"WD Button Manager"="WDBtnMgr.exe" [2008-02-25 E:\WINDOWS\system32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - E:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-10-17 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Mobility Manager\\Mobility Manager\\FMM.exe"=
"E:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22:TCP"= 22:TCP:sa
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 FMMService;Mobility Manager Service;E:\Program Files\Mobility Manager\Mobility Manager\FMMService.exe [2005-11-10 49152]
R3 PSched;QoS Packet Scheduler;E:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);E:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-07-13 472096]
S3 Commander Service;Commander Service;E:\Program Files\Seagull\BarTender\7.75\CmdrSrv.exe [2006-08-15 1099368]
S3 ft1000;Flarion Flash OFDM wireless service;E:\WINDOWS\system32\DRIVERS\ft1000.sys [2007-07-09 62208]
S3 GNCM;Gemini Network Communication Manager;E:\Program Files\BSC Praha\NCM\GNCM.exe [2006-09-13 196608]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;E:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2004-04-06 64088]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;E:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 283392]
S3 USBNumPad;Numberpad USB Keyboard;E:\WINDOWS\system32\Drivers\USBNumPad.sys [2007-03-19 9600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6fd56cc-7c74-11dc-8e45-00c09f73f3dd}]
\Shell\AutoRun\command - explorer.exe http://"www.jbl.com"
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - E:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rah3q5xl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 16:34:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


E:\WINDOWS\BM1327b0d9.txt 74 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: E:\WINDOWS\explorer.exe
-> E:\WINDOWS\system32\vxhbknjo.dll
-> E:\WINDOWS\system32\sghntrkp.dll
.
------------------------ Other Running Processes ------------------------
.
E:\WINDOWS\system32\scardsvr.exe
E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-09-24 16:38:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 14:38:25

Pre-Run: 44 124 168 192 bytes free
Post-Run: 44,917,665,792 bytes free

156 --- E O F --- 2008-09-11 05:07:59
............................................................................................................................................................
malwarebytes:
Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 3

24. 9. 2008 18:05:07
mbam-log-2008-09-24 (18-04-58).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 159024
Time elapsed: 52 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\hgGvvusQ.dll (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\vxhbknjo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9537b88f-916d-4e4b-b700-b6ef2cd9f708} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9537b88f-916d-4e4b-b700-b6ef2cd9f708} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000bfc90 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1327b0d9 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\hggvvusq -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\hggvvusq -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\hgGvvusQ.dll (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\QsuvvGgh.ini (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\QsuvvGgh.ini2 (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\vxhbknjo.dll (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\ojnkbhxv.ini (Trojan.Vundo.H) -> No action taken.
C:\Temp\Old_usb\Programs\MS keys\ms_keygen.exe (Trojan.Downloader) -> No action taken.
E:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> No action taken.
E:\WINDOWS\system32\sghntrkp.dll (Trojan.Agent) -> No action taken.
E:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
E:\WINDOWS\BM1327b0d9.xml (Trojan.Vundo) -> No action taken.
E:\WINDOWS\BM1327b0d9.txt (Trojan.Vundo) -> No action taken.
..........................................................................................................................................................................
vcela
Newbie
Posts: 11
Registered: Wed Sep 24, 2008 16:39

Re: trojan-gen, kontrola HJKT,combo,malware logs

Post by vcela »

I am also adding the SDFix log:

SDFix: Version 1.228
Run by Admin on st 24. 09. 2008 at 18:40

Microsoft Windows XP [Version 5.1.2600]
Running From: E:\Documents and Settings\Admin\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 19:15:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Mobility Manager\\Mobility Manager\\FMM.exe"="E:\\Program Files\\Mobility Manager\\Mobility Manager\\FMM.exe:*:Enabled:Mobility Manager"
"E:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="E:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 16 Oct 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
vcela
Newbie
Posts: 11
Registered: Wed Sep 24, 2008 16:39

Re: trojan-gen, kontrola HJKT,combo,malware logs

Post by vcela »

Gentlemen, I have already solved it.
PS: as of today, NOD has its virus database updated for this virus as well.
Have a nice day.